Last Updated: June 16th, 2022
We are ORamaVR S.A., a Switzerland based company, which creates virtual reality (VR) software products and services and operates a platform where users can download and obtain services related to or in connection with our VR products. In order to provide you with the best of our services we need information that we obtain through the collection and processing of Personal Data.
We are committed to protecting and respecting the privacy of our user’s Personal Data and will process all Personal Data fairly, lawfully, and transparently. Therefore, we make sure that we stay always in line with Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR), Swiss Federal Act on Data Protection (FADP) as well as with all other applicable data protection and privacy laws or regulations.
NOTWITHSTANDING TO ANYTHING AFOREMENTIONED OR SPECIFIED HEREINBELOW THE GDPR WILL APPLY ONLY IN THOSE CASES WHEN YOU ARE A CITIZEN OR RESIDENT OF ONE OF THE MEMBER STATES OF THE EUROPEAN UNION.
If at any point in time we decide to make use of your Personal Data in a manner vastly different from that which was stated when this information was initially collected, the user or users shall be promptly notified by email. Users at that time shall have the option as to whether to permit the use of their Personal Data and iinformation in this separate manner.
- Personal Data Controller
- Personal Data and other information we collect
In order to provide you with the best of our Services we collect and use certain Personal Data and other information from and about the users of our Services, including but not limited to:
(i) Personal Data You Give Us. We collect the Personal Data you knowingly and voluntarily provide to us when you use our Services, for example, the Personal Data you provide to us when you register to use our Services. These Personal Data include, without limitation:
- your name,
- email address,
- the username and password you choose to use on our Services,
- your avatar and
- internal account IDs that we assign to your account.
We collect and use these Personal Data in order to authenticate you when you register an account and use our Services, to make sure you are eligible and able to receive our Services, and so that you receive the correct version of the Services. Once you register to our Services you will be able to add more Personal Data on your profile such as your age, job and specification, gender etc.
- If you choose to link your Google account to the Services, we will collect your Google email address and an authentication token provided by Google.
- If you choose to link your Facebook account to the Services, we will collect a unique user ID provided by Facebook and, if permitted by you, your Facebook registered email address.
We also collect information that you provide to us by filling in forms on our website as well as your responses to surveys that we might ask you to complete for research purposes. Any suggestions, feedback or other information that you provide to us relating to our business, Services or other products, are provided to us on a non-confidential basis.
(ii) Data We Collect When You Use Our Software (Analytics). When you use our VR software, we collect, analyze and aggregate a series of data concerning the way you handle our product. These data include information such as:
- your completion time per action,
- if you skipped an action,
- your score for each action,
- your session time, your total session count,
- your error/warning count,
- the date and time of each session,
- the scenario ID that you played (if applicable in session)
- VR Logger’s hand movements and interactions, avatar movements and speech.
(iii) Data We Collect Through Your Web Browser. As you interact with our Services, we may automatically collect general data and information that is sent to us by your web browser such as:
- details of the device(s) you use to access our Services,
- your internet protocol (IP) address,
- login data,
- your username and password,
- the address of the web page you were visiting when you accessed our website or an advertisement hosted by us on a third-party website,
- your browser type and version,
- time zone setting and location,
- information on your operating system and browser and
- the date and time you visited our website.
We may also additionally collect data about your browsing actions and patterns, such as how and when you use our Services, how you moved around our website, what you searched for, website performance statistics, traffic, location, weblogs and other communication data.
We collect these data by using cookies, server logs and other similar technologies, depending on the settings on your web browser. The data we collect automatically do not include information that identifies you personally. However, we may maintain it or associate it with Personal Data and Information we collect in other ways or receive from third parties. We use this non-personal information primarily to create statistics that help us improve our Services and our business.
(v) Advertising Data. We may also collect information regarding visits to advertisements we host on behalf of our clients, which may appear on third party websites. This information may include the number of times an advertisement was viewed, how long the advertisement was viewed, the time of day, and the IP address of the computer that viewed the advertisement.
- How we collect your Data
We may collect Personal Data and other information form and about you in the following ways:
- when you interact directly with us by filling in forms, entering information online or by corresponding with us by email or otherwise. This includes personal data you provide, for example, when you:
- create an account
- subscribe to our forum, newsletter or social media pages
- contact us with an enquiry or to report a problem (by email, or otherwise) or
- when you log in to our website via social media
- when you use our Services, we collect information by tracking your movements and progress while using our VR software
- when you interact with our website we collect information through cookies, server logs and other similar technologies.
- by receiving Personal Data about you from various third parties, including analytics providers, such as Google, and social media platforms.
- How we use and process your Personal Data and information we collect
We may use the Personal Data and information we collect about you or you provide to us through your access to and use of our Services, for the following purposes:
a. to operate and provide you our Services. We use your Personal Data and information we collect to operate, maintain, enhance and provide you with our Services. For example, in order to:
- create accounts and user profiles,
- enable certain features,
- communicate with you about our Services,
- provide you with customer and technical support,
- contact you for administrative purposes such as customer service
- respond to comments and questions.
b. to improve and develop your experience and our Services. We use your Personal Data and information we collect to understand and improve our Services and to develop our VR Software. For example, in order to:
- solicit and analyze input and feedback about our Services,
- monitor and analyze the effectiveness of our Services,
- identify and address technical issues on our Services,
- conduct and learn from research about the ways in which you use our Services
- understand and analyze the usage trends and preferences of our users,
- improve and develop our features,
- develop new products, services, features, and functionality,
- customize your experiences on our Services based on your activities,
- to provide you with other information, products or services that you request from us, including but not limited to, providing you information on product updates or other relevant information.
c. to advertise to you. We use Advertising Data in order to help us, our clients, or potential advertisers evaluate information designed to enhance the success of a particular advertising campaign.
d. to promote safety, integrity and security. We use your Personal Data and information we collect:
- for identification and authentication
- in order to verify accounts and activity,
- to combat harmful conduct,
- to detect, prevent and respond to fraud,
- to maintain the integrity of our Services, and
- to promote safety and security on and off our Services.
For example, we use information collected to investigate suspicious activity or violations of our terms or policies, violation of laws, potential intellectual property infringement or other misuse of our Services, detect when someone needs help, and protect our or others’ rights or property.
f. to send you information about our products and services, targeted marketing, and promotional offers, subject to your communication choices. We will continue to provide you with information until you ask us not to, by unsubscribing from our communication choices.
g. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us and to conduct our administrative and internal business operations.
h. for any other purpose with your consent, for which we provide specific notice at the time the information is collected.
i. to comply with any court order, law or legal process, including to respond to any government or regulatory request.
- Lawful Basis for processing your Personal Data and Information
We will only collect and process your Personal Data and Information where we have a lawful basis to do so. As a Data Controller, the lawful basis for our collection and processing of your Personal Data varies depending on the manner and purpose for which we collect it. Therefore:
- for the purposes described under Sections 4.a and 4.d we process your Personal Data and Information only if and to the extent that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (Art. 6 par. 1 a GDPR)
- for the purposes described under Sections 4.b, 4.c, 4.d, 4.e and 4.g we process your Personal Data and Information only if and to the extent that we have a legitimate interest, except where such interest is overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 par. 1 f GDPR)
In addition, we collect and process your Personal Data and Information if and to the extent that the processing is necessary for the fulfilment of requirements and obligations stated in laws, regulations or decisions from authorities and supervisors (legal obligation) or processing is necessary in order to protect your vital interests or the vital interests of another natural person
Consent. For any other purpose not included in the purposes described under Section 4 or in case of processing of special categories of data, we will ask for your consent to process your Personal Data and Information. The consent will contain information on that specific processing activity. In this case the lawful basis for the processing by us of your Personal Data and information is the consent you provided. If you have given consent to a processing of your Personal Data and Information you can always withdraw the consent as described in Section 11 g.
We will only use your Personal Data and Information for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or the processing undertaken is otherwise permitted by law. In case we use your Personal Data for an unrelated purpose, we will notify you promptly and we will explain the lawful basis which allows us to do so.
Whenever we note that we use legitimate interest as a legal basis for a specific situation, we rely on internal legal analysis on how in these specific cases we have balanced out the legitimate interest to the interests or fundamental rights and freedoms of the data subject. The analysis is updated if we decide to collect more data, for another purpose or there are new developments that require a new assessment.
- Where your Personal Data and Information is stored
Our Company currently maintains Servers where your Personal Data and Information is stored, in the United States of America. Therefore, your Personal Data and Information may be processed on servers located outside of the country where you are located.
If you are accustomed to or familiar with the privacy laws of other countries, please note that the laws governing the processing of Personal Data and Information in the United States of America may not be as rigorous as those in the European Union, Switzerland or other nations. Furthermore:
- as of July 16th, 2020, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States,
- as of September 8th, 2020, the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland’s Federal Act on Data Protection (FADP).
However, this does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework neither relieve participants in the Swiss-U.S. Privacy Shield of their obligations under the Swiss-U.S. Privacy Shield Framework.
- Who we may disclose your Personal Data and Information to
b. Information Shared with Other Users. When you use our Services, and in particular when you user our VR Software, we will share certain Personal Data and Information with other users. These Personal Data and Information include your profile (such as your username and your avatar), your achievements and score.
c. Information shared with Third Parties. We may share Advertising Data in aggregate form as well as other Aggregated Data or otherwise non-personal or de-identified information, with third parties such as our potential clients, for various purposes, including:
(i) compliance with various reporting obligations,
(ii) for business or marketing purposes, or
(iii) to assist them in understanding our user’s interests, habits, and usage patterns for certain and assessing whether or how they plan to advertise using our Services.
d. Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We only disclose Personal Data and Information about you to government or law enforcement officials or private parties when we reasonably believe necessary or appropriate:
- to respond to claims, legal process (including subpoenas and warrants)
- to protect our property, rights, and safety and the property, rights, and safety of our users, a third party or the public in general and
- to investigate and stop any activity that we consider illegal, unethical, or legally actionable.
- How your Personal Data and Information is transferred
If we transfer your Personal Data and Information from Switzerland or the EU to other countries, including the USA, we ensure that a similar degree of protection is provided to your Personal Data and Information as within Switzerland or the EU, as applicable, by ensuring that at least one of the following safeguards is implemented:
- The country that your Personal Data and Information is transferred to is a country that the European Commission has deemed to provide an adequate level of protection for Personal Data and Information.
- We use specific contracts approved by the European Commission, which give your Personal Data and Information the same protection as it has in the EU, as applicable, when we engage with service providers.
- How we keep your Personal Data and Information safe
However, please be aware that no security measures are perfect or impenetrable. Since the Internet is not a 100% secure environment we cannot guarantee the security of your Personal Data and Information, and there is some risk that an unauthorized third party may find a way to circumvent our security systems or that transmission of your information over the Internet will be intercepted. We cannot and do not guarantee that Personal Data and Information about you will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our security measures. It is your responsibility to protect the confidentiality of your Personal Data and Information. For this purpose, please make sure to keep your password confidential and not disclose it to any other person. You are responsible for all uses of our Services by any person using your password. Please advise us immediately if you believe your password has been misused. If you have any questions about our security practices, feel free to email us at email@example.com .
- How long we will keep your Personal Data and Information
When we no longer need to use your Personal Data and Information and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or anonymize it so that it can no longer be associated with you. When removing Personal Data and Information, we will take commercially reasonable and technically feasible measures to make said Personal Data and Information irrecoverable or irreproducible.
- Your privacy rights and choices
You have certain rights as a data subject in relation to your Personal Data and Information:
- Request access to your Personal Data and Information
You have the right to access the Personal Data and Information we keep about you. You may, therefore, request to obtain a copy of the Personal Data and Information we hold about you and certain information relating to our processing of your Personal Data and Information by emailing firstname.lastname@example.org
Your right to access may, however, be restricted by legislation, protection of other people’s privacy and consideration for our Company’s business concept and business practices. Our know-how, business secrets as well as internal assessments and material may also restrict your right of access.
- Request correction of your Personal Data and Information
If your Personal Data and Information are incorrect or incomplete, you are entitled to have your Personal Data and Information corrected. You can update your personal data at any time by emailing email@example.com
- Request erasure
You have the right request erasure of your Personal Data and Information in case:
- you withdraw your consent to the processing and there is no other legitimate reason for processing,
- you object to the processing and there is no justified reason for continuing the processing or
- processing is unlawful.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Request restriction of processing of your Personal Data and Information
If you contest the accuracy of your Personal Data and Information or the lawfulness of the processing, or if you have objected to the processing of your Personal Data and Information in accordance with your right to object, you may request the restriction of the processing of your Personal Data and Information. In this case the processing will be restricted to storage only, until the accuracy of your Personal Data and Information can be established or it can be checked whether our legitimate interests override your interests.
However, please keep in mind that even when the processing of your Personal Data and Information has been restricted as described above, we may process your data in other ways if this is necessary to enforce a legal claim or you have given your consent. In addition, where processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future.
- Object to processing of your Personal Data and Information
You have the right to object to the processing of your Personal Data and Information where we believe we have a legitimate interest in processing it. You also have the right to object to our processing of your Personal Data and Information for direct marketing purposes. However, in some cases, we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms.
- Request the transfer of your Personal Data and Information
You have the right to obtain a digital copy of your personal data or request the transfer of your personal data to another company. Please note though that this right only applies to automated data which you initially provided consent for us to use or where we used the data to perform a contract with you.
- Right to withdraw your consent
You have the right to withdraw your consent at any time by contacting us on firstname.lastname@example.org. However, please note that the withdrawal of your consent does not affect the lawfulness of the processing based on your consent before its withdrawal.
- Right to lodge a complaint
If you have any concerns or complaints regarding the way in which we process your Personal Data and Information, please email us at email@example.com. You also have the right to complain to a regulator. We would appreciate the chance to deal with your concerns directly so we would prefer you to contact us first. However, if you are based in the EU and believe that we have not complied with data protection laws, you can complain to your local supervisory authority.
The law provides exceptions to these rights in certain circumstances. Where you cannot exercise one of these rights due to such an exception, we will explain to you why.
After you contact us, you may receive an email in order to verify your request. We aim to provide the information or complete the outcome you request within 30 days, or such shorter time period as provided by laws of your jurisdiction.
- How to modify your Personal Data and Information – Opt out clause
We offer you choices regarding the collection, use, and sharing of your Personal Data and Information and we’ll respect the choices you make. However, please note that if you decide not to provide us with the Personal Data and Information that we request, you may not be able to access all of the features of our Services.
You may update your profile information through our Services. If you wish to access, update, delete or amend any other personal information we hold about you, you may contact us at firstname.lastname@example.org.
If you wish to have your name removed from any of our mailing or subscription lists, please write to us at our above address or click the remove subscription link set forth in the relevant communication (typically provided at the end of such communication). In the event that you contact us with this request, all reasonable efforts will be taken to ensure that you will not receive any further communications from which you have opted-out in the future.
OUR SERVICES ARE NOT MEANT FOR MINORS. You must be at least eighteen (18) years old, a qualified surgeon and a registered user to use our Services. If you are over eighteen (18) years old but have not yet reached the age of majority, you must have your parent or guardian’s permission to use our Services. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at the contact information listed below and we will delete any such account or profile and associated information.
- Links to websites and other third parties
Our website may include links to and from the websites of our partner networks, advertisers and affiliates, or to social media platforms. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data and Information to their websites.
- General Data Protection Regulation (GDPR)
- How to contact us